Supporting fixed length keypad input

NIIBE Yutaka gniibe at fsij.org
Tue Jan 15 03:36:53 CET 2013


Thanks for your comments.

My replies are in a different order.

On 2013-01-10 at 09:03 +0100, Achim Pietig wrote:
> "pinpad" is the most common word in standards.

I see.

> If support for "old" readers with fixed length input is required, I
> prefer a local var (e. g. gpgconf) with the fixed length preferred
> by the user.  If the var is 0 or not defined, the min-max length
> should be taken from the card.  The var may be evaluated by pinentry.
> If the password is defined by a keyboard, --disable-pinpad may be
> useful.  All this affects the local environment only.

I understand the need for configuration on the host PC (for card
specific configuration).  The issue is: how to implement this.  IIUC,
SCDaemon is the lower level driver which handles smartcard/token
communication (perhaps this understanding of mine is wrong), and how
to get card specific information is under discussion.

> Actually there are 3 standards for readers with PIN-pad, all support
> var-length PINs, so older readers will be obsolete soon.  If you want
> to support these old items anyway, then keep it simple...  It makes
> no sense to me to find a solution with new information in card or
> servers etc. to make this run at any pin-pad - standard compliant
> pinpads will run with min-max values!

Could you please let me know the references for the standards?  A
vendor which I contacted last year claimed that the reader is standard
compliant (even if it doesn't support variable length input).

Well, I understand that fixed length input support should be a special
case.

To summarize discussion, I'd like to propose the following for pinpad
input.

  * Default is variable length pinpad input when the reader supports
    the feature.

  * Use pinentry by keyboard on the host PC when the reader doesn't
    support the feature (including the case where the reader supports
    pinpad input but requires fixed length input).

  * Only when a user wants to do special thing, he needs to specify
    this.  Special cases are:

    (1) Use pinentry by keyboard even with pinpad reader.
        (for cases when PIN has characters other than digits.)

    (2) Use fixed length input.

> Login-Data is an ISO defined data object (7816-6).
> It should not contain other information than defined by ISO, so
> first check if this information is possible there.

It says:

	Proprietary login data

	Referenced by tag '5E', this interindustry data element
	consists of login data with proprietary structures not
	specified in ISO/IEC 7816.
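The selection rule proposed in the message above, written out as an added example; this is illustrative code, not GnuPG or scdaemon source. The type and field names (reader_caps_t, card_pin_info_t, user_conf_t, disable_pinpad, fixed_len) are hypothetical, and the card min/max values used in the demo are constructed. One detail beyond the text is an assumption: a user-configured fixed length that falls outside the card's min-max range is treated as a misconfiguration and falls back to keyboard pinentry rather than being sent to the reader.

```c
/* Added example (not GnuPG code): choose how the PIN is entered,
 * following the proposal in the message above.  All names here are
 * hypothetical. */
#include <stdbool.h>
#include <stdio.h>

typedef enum {
  PINENTRY_KEYBOARD = 0,      /* ask pinentry on the host PC          */
  PINENTRY_PINPAD_VARLEN = 1, /* reader pinpad, variable length input */
  PINENTRY_PINPAD_FIXED = 2   /* reader pinpad, fixed length input    */
} pinentry_mode_t;

/* What the reader reports about itself (hypothetical struct). */
typedef struct {
  bool has_pinpad;
  bool supports_varlen;  /* reader accepts a min/max PIN length */
} reader_caps_t;

/* PIN length constraints reported by the card (hypothetical struct). */
typedef struct {
  int min_len;
  int max_len;
} card_pin_info_t;

/* Host-side user configuration (hypothetical option names). */
typedef struct {
  bool disable_pinpad;   /* special case (1): keyboard even with a pinpad */
  int fixed_len;         /* special case (2): 0 = unset, >0 = fixed length */
} user_conf_t;

/* Decide the entry mode.  On PINENTRY_PINPAD_FIXED, *fixed_len_out
 * receives the length to request from the reader; otherwise it is 0. */
pinentry_mode_t select_pinentry_mode(const reader_caps_t *rd,
                                     const card_pin_info_t *card,
                                     const user_conf_t *cfg,
                                     int *fixed_len_out)
{
  *fixed_len_out = 0;

  /* No pinpad, or the user asked for the keyboard (e.g. PIN has
   * characters other than digits): use pinentry on the host PC. */
  if (!rd->has_pinpad || cfg->disable_pinpad)
    return PINENTRY_KEYBOARD;

  /* Special case (2): the user explicitly configured a fixed length.
   * Assumption: only honour it if the card would accept a PIN of that
   * length; otherwise treat it as a misconfiguration and fall back. */
  if (cfg->fixed_len > 0) {
    if (cfg->fixed_len >= card->min_len && cfg->fixed_len <= card->max_len) {
      *fixed_len_out = cfg->fixed_len;
      return PINENTRY_PINPAD_FIXED;
    }
    return PINENTRY_KEYBOARD;
  }

  /* Default: variable length pinpad input when the reader supports it. */
  if (rd->supports_varlen)
    return PINENTRY_PINPAD_VARLEN;

  /* Pinpad present but fixed length only, and nothing configured:
   * fall back to the keyboard instead of guessing a length. */
  return PINENTRY_KEYBOARD;
}

static const char *mode_name(pinentry_mode_t m)
{
  switch (m) {
  case PINENTRY_PINPAD_VARLEN: return "pinpad (variable length)";
  case PINENTRY_PINPAD_FIXED:  return "pinpad (fixed length)";
  default:                     return "keyboard pinentry";
  }
}

int main(void)
{
  /* Constructed card limits for the demo, not read from a real card. */
  card_pin_info_t card = { 6, 32 };
  reader_caps_t modern = { true, true };
  reader_caps_t old    = { true, false };
  user_conf_t   none   = { false, 0 };
  user_conf_t   fixed8 = { false, 8 };
  user_conf_t   fixed4 = { false, 4 };   /* below the card minimum */
  int n;

  printf("modern reader, no config : %s\n",
         mode_name(select_pinentry_mode(&modern, &card, &none, &n)));
  printf("old reader, no config    : %s\n",
         mode_name(select_pinentry_mode(&old, &card, &none, &n)));
  printf("old reader, fixed_len=8  : %s (len %d)\n",
         mode_name(select_pinentry_mode(&old, &card, &fixed8, &n)), n);
  printf("old reader, fixed_len=4  : %s\n",
         mode_name(select_pinentry_mode(&old, &card, &fixed4, &n)));
  return 0;
}
```

The point of the range check is that a fixed-length reader will send exactly `fixed_len` digits to the card; if that length is outside what the card accepts, every attempt fails and burns a retry counter, so falling back to the keyboard is the safer default.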